faucet.valve_acl module

Compose ACLs on ports.

class faucet.valve_acl.ValveAclManager(port_acl_table, vlan_acl_table, egress_acl_table, pipeline, meters, dp_acls=None)[source]

Bases: faucet.valve_manager_base.ValveManagerBase

Handle installation of ACLs on a DP

add_authed_mac(port_num, mac)[source]

Add authed mac address


Install port acls if configured

add_port_acl(acl, port_num, mac=None)[source]

Create ACL openflow rules for Port


Install vlan acls if configured


Reload acl for a port by deleting existing rules and calling add_port


Create tunnel acls from ACLs that require applying in DP Returns flowmods for the tunnel :param dp: DP that contains the tunnel acls to build :type dp: DP

create_dot1x_flow_pair(port_num, nfv_sw_port_num, mac)[source]

Create dot1x flow pair

del_authed_mac(port_num, mac=None)[source]

remove authed mac address

del_dot1x_flow_pair(port_num, nfv_sw_port_num, mac)[source]

Deletes dot1x flow pair

del_port_acl(acl, port_num, mac=None)[source]

Delete ACL rules for Port


Install dp acls if configured

faucet.valve_acl.add_mac_address_to_match(match, eth_src)[source]

Add or change the value of a match type

faucet.valve_acl.build_acl_entry(acl_table, rule_conf, meters, acl_allow_inst, acl_force_port_vlan_inst, port_num=None, vlan_vid=None)[source]

Build flow/groupmods for one ACL rule entry.

faucet.valve_acl.build_acl_ofmsgs(acls, acl_table, acl_allow_inst, acl_force_port_vlan_inst, highest_priority, meters, exact_match, port_num=None, vlan_vid=None)[source]

Build flow/groupmods for all entries in an ACL.

faucet.valve_acl.build_acl_port_of_msgs(acl, vid, port_num, acl_table, goto_table)[source]

A Helper function for building Openflow Mod Messages for Port ACLs

faucet.valve_acl.build_output_actions(acl_table, output_dict)[source]

Implement actions to alter packet/output.

faucet.valve_acl.push_vlan(acl_table, vlan_vid)[source]

Push a VLAN tag with optional selection of eth type.

faucet.valve_acl.rewrite_vlan(acl_table, output_dict)[source]

Implement actions to rewrite VLAN headers.